The sense and non-sense in process automation

René Meuleman argues for a different approach to redundancy and fault tolerance when planning for the safety of a process.

Across multiple facilities - and even sometimes in the same facility with a number of them - furnaces are controlled by a range of process control systems and operational strategies. The application of furnace process control systems has become more diverse and more complex in order to achieve essentially the same common goal: a consistent and efficient melt. The introduction of computer-controlled systems based on PLC and DCS (Distributed Control Systems) technology has driven focus and improvements in these goals.

Forced to increase throughput, save energy and comply with emission reduction targets means that the glass industry is looking towards the full automation of melting processes by adding intelligent and model-based strategies. However with this ever increasing complexity we have to ensure that the furnace is secure and able to operate safely and efficiently, preferably without adding further complexity and whilst maintaining the operability and maintainability required by our operational and maintenance personnel. The world of furnace automation will continue to develop, however one important objective will remain: that of securing and extending the lifetime of our most valuable asset, the furnace.

DCS Systems

The first DCS systems were introduced 30 years ago and became used in the glass industry. At that time most glass industry automation was achieved by standalone PID controllers and relay logic. Although these first DCS systems provided a lot of flexibility and increased process control intelligence, standalone controllers stayed in case the DCS system failed.

When the second generation DCS and process control systems arrived, these standalone controllers started to be phased out, their functionality replaced by I/O systems and CPU-based software controllers. As a result, standalone PID controllers became dedicated back-up controllers, doing the important job of process control interfacing and fulfilling the role of back-up control in the event of a process control system failure. With the next generation, the PID loop controllers became more intelligent and freely programmable. They reached a level of functionality that came very close to DCS PID loop functionality and consequently they were fully integrated into the DCS.

Back-Up Controllers

Nowadays many process control engineers and operators in the glass industry still like the combination of a process control system with back-up controllers because if the system fails, there will still be the standalone controllers doing their job and providing a simple display to monitor the process values, together with some push buttons to change the set points.

However, as back-up controllers are probably the only parts that interface with the process, there are some potential dangers in this specific design: what if the controller fails, how easily can it be replaced, how to handle redundancy and will such a design limit the flexibility of programming complex strategies?
Will operators be able to handle those back-up controllers in the unlikely event of a system failure? Nowadays there are alternatives and the question is: 'How can we design a new process control system without preconceived notions?'

There are only two aspects that count: how much money is going to be invested on things that probably will never happen, and how much damage will a system failure create? Extra investment is needed to cover these safety issues. As a result, we need fault tolerance and redundancy but it should have a modest price and be easy, understandable and maintainable.

Easy Integration

If we want to extend the system's hardware or intelligence, or we don't want to add standalone systems but we need to integrate them into the existing process control environment, the system should stay as one entity and not as a variety of sub-systems. Therefore ease, integration and flexibility of system extensions should be secured. To summarise, a DCS system should secure the furnace operation enough, it needs to be easy to maintain, extremely extendable and should not cost too much. IOM is a supplier of process control solutions and can supply all kinds of solutions, with or without standalone controllers, single redundant and fault-tolerant such as the Foxboro A2 PAC for glass applications.

Fault Tolerance

Fault-tolerant systems should have redundancy in all levels of the process control system. By installing dual workstations, redundant server systems, switches and tying them together with fibre-optic rings, a fault tolerant HMI layer can be supplied assuming all components are supplied by a redundant power supply system. Such a system will allow a failure of one component on each level without losing its functionality (see Figures 1 & 2)
The IOM Foxboro A2 PACs (see Figure 3) has a different approach to redundancy and fault tolerance which is essential for the safety of a process. Multiple CPUs are included down to the level of IOs (Input/Output), providing redundancy at the lowest process control level. These redundant CPUs run specific tasks dedicated to the specific IOs which are dedicated to the specific part of the process.

Multiple CPUs installed at the IO-layer of automation (see Figure 2) will run the process; as long as these IO / CPU racks are alive they will take care of the processes dedicated to them. For example, a typical container plant Foxboro A2 PAC system will have 10-20 redundant CPUs distributed and dedicated to the furnace and forehearth processes (see Figure 3), i.e. granularity. All the CPUs are tied together to become one fault-tolerant and scalable Distributed Control System, providing full transparency in programming and data exchange. Adding additional redundant IO, new sub-systems or extending distributed intelligence is no problem. By designing, building, connecting and programming that new part of automation, it will become part of the single entity having all the signals, events and parameters available for each CPU.

Conclusion

Flexibility, maintainability, redundancy, fault tolerance and system availability are a matter of sense but unfortunately also a lot of non-sense. Customers and suppliers need to communicate and should both try to bring about a sensible, cost-effective but also an innovative solution. IOM has a DCS solution based on Foxboro A2 PACs; the company believes it is an added-value partner in glass, capable of providing a wide variety of solutions and taking an active part in the design discussion.